Allowing Access to Google Services

If your organization uses Connect for Chromebooks or Google authentication with SSL login pages, and you want to ensure that communication to Google's servers is uninterrupted and all filtering policies are still applied to end-users, you need to create additional filtering and access policies in the Smoothwall Filter and Firewall. This is especially important if your Google devices are used off-site.

From time to time, unauthenticated Chromebook users might attempt to browse the Internet. You can create a group where all such web requests are assigned, then create a Guardian authentication policy to either completely block access or only allow limited access.

Typically, unauthenticated web requests are assigned to the Unauthenticated IPs group. If required, you can create a separate group to handle unauthenticated Chromebooks.

Procedure

To limit or block access to unauthenticated Chromebook users, add a new user group. See our help topic, Adding user groups.

Name: "Unauthenticated Chromebook Users"

For new installations, you should already have a non-transparent core authentication policy by default. However, you might need to create it using these settings. See our help topic, Creating authentication policies.

Step 1: What

Type: "Non-transparent"

Method: "Core authentication"

Interface: Choose the internal interface used by the Connect for Chromebooks extension or the SSL/non-SSL login pages.

Step 3: Options for unauthenticated requests

Included groups: Optionally, choose the group created previously for unauthenticated Chromebooks and other unauthenticated Google users.

If they don't already exist, add a Smoothwall access rule for these services to the interface used by the authentication policies. See our help topic, Adding new Smoothwall access rules. If you are using the Hearst release or earlier, add an external access rule instead with the mentioned services.

Name: Type a name for your access rule.

Services:

"Other web access on HTTP (80)"

"Other web access on HTTPS (442)"

If your Chromebooks are also used off-site, add external access rules for the two services but also on the External interface.